General Information Security
- Don’t be tricked into giving away any confidential information, either via phone or via email.
- Do not respond to emails or phone calls requesting confidential company information, including financial information, employee information or company secrets.
- If in doubt DO NOT REPLY and contact the appropriate person via telephone to validate the request or seek further information from management.
- Scamming techniques are often very targeted, using information gathered by telephone calls, information available on Companies House or previous email exchanges.
- This means that requests can appear genuine. They can include directors' names and addresses and can have legitimate-looking email signatures.
- Be suspicious at all times and, if in any doubt, make outbound contact via phone to validate the request before acting on it.
- Stay on your guard to avoid falling for any scams.
Email and Email Attachments
- Be aware that even when an email looks like it has come from someone with a legitimate request, any reply you make may be sent to a different address.
- Email addresses can easily be spoofed, both internally and externally, so do not assume the email is genuine.
- Typically, what appears to be the sender's address may change when you hit reply; this confirms that the email is likely to have been spoofed.
- If in doubt DO NOT REPLY and contact the appropriate person via telephone to validate the request.
- Do not open email attachments unless you are 100% certain you are expecting them. Many scams involve fake email attachments from HMRC or suppliers; often these are copied from legitimate businesses, with genuine email signatures and contact details. If you are not expecting the invoice, email or attachment, do not usually receive invoices, or have no need to view the information, DO NOT OPEN the attachments.
- NEVER OPEN .ZIP OR .EXE FILES. If you receive these, contact your IT department immediately.
- Do not open documents from scanner@ email addresses unless you have recently scanned something and are 100% sure the address is correct. Again, DO NOT OPEN ZIP FILES: scanners will send documents in PDF format.
- If you open a PDF file and it asks to open Microsoft Word, CLOSE THE DOCUMENT IMMEDIATELY.
- This is a particular issue for accounts teams. If you do not recognise the supplier on your supplier lists, DO NOT OPEN the attachments.
- If you receive an email that appears to have been sent internally but seems strange, contact the sender to see if they sent it before opening it. Internal emails can be faked from outside of the business. Just because it appears to be an internal email does not mean that it is safe, and it should still be treated with caution.
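For the IT department, the reply-address and attachment checks described in this section can also be applied automatically to incoming mail. The sketch below is an added example, not part of the original guidance; it uses Python's standard `email` module, and the sample message, its addresses and the `domain` and `triage` helper names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

BLOCKED_EXT = (".zip", ".exe")  # attachment types the guidance says never to open

# Constructed sample message (not a real email): reply goes elsewhere, ZIP attached.
SAMPLE = """\
From: "A Director" <director@example.co.uk>
Reply-To: director@example-mail.test
To: accounts@example.co.uk
Subject: Urgent invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please pay the attached today.
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="invoice.zip"

AAAA
--b1--
"""

def domain(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def triage(raw):
    """Return a list of warnings for one raw message (assumed helper name)."""
    msg = message_from_string(raw)
    warnings = []
    from_dom, reply_dom = domain(msg["From"]), domain(msg["Reply-To"])
    # A reply would be delivered to a different domain than the visible sender.
    if reply_dom and reply_dom != from_dom:
        warnings.append(f"reply-to domain {reply_dom} differs from sender {from_dom}")
    local = parseaddr(msg["From"] or "")[1].partition("@")[0].lower()
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(BLOCKED_EXT):
            warnings.append(f"blocked attachment type: {name}")
        elif name and local == "scanner" and not name.endswith(".pdf"):
            warnings.append(f"scanner@ sender with non-PDF attachment: {name}")
    return warnings
```

A message with no warnings is not proof that it is genuine: the check only compares domains and file names, so the telephone validation described above still applies.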
Website and Hyperlinks
- Never follow hyperlinks in email. Always go to the website directly yourself and find the relevant login links. Often the hyperlinks are faked and you are redirected to a fake version of the website, which can look quite realistic.
- Check the address bar in your web browser to ensure the site address is correct and secure. Only provide information in contact forms on secure websites (sites that display the padlock icon in the address bar).
- If you receive a security or security certificate warning when going to a website, do not accept the warning and continue. Close the browser and contact your IT department for further information.
PC and Desktop Security
- Never allow anyone to remote control your PC unless it is your IT department or has been first authorised by your IT department. If you are not expecting your IT department to call you due to an issue you have raised with them, hang up the call and call them back on their support number to ensure it is the right people that you are speaking to.
- Microsoft do not call you to remotely access your computer. If someone from Microsoft contacts you asking to assist you, hang up the call and contact your IT department.
- Lock your computer if you are leaving your desk unattended.
- Never bring in personal USB sticks or storage devices unless they have been authorised for use in the business.
- Never install software unless it has first been authorised by your IT department. This includes iTunes or any anti-malware software. Often software has malware code hidden within it, and although it appears to be free and helpful, it will often compromise your computer.
- Never install plugins or code without first checking with your IT department.
- Do not plug in personal devices to the computer network or your PC. This includes wireless access points, USB sticks, iPods, mobile phones etc.
- Change your Windows password frequently and do not make it obvious. Avoid passwords such as password, password1 or Password2 etc. Do not swap letters for numbers, as in pa55w0rd, as this is easy to guess.
- Do not divulge your password to anyone. If you believe your password has been compromised, either change it or contact your IT department for further information.
Last but not least, ensure you have good anti-spam and anti-virus solutions in place. If you haven’t, then contact us to let us help keep your data secure.